karaf-issues mailing list archives

From "Eduardo Aguinaga (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-4205) Privacy Violation
Date Tue, 15 Dec 2015 15:56:46 GMT
Eduardo Aguinaga created KARAF-4205:
---------------------------------------

             Summary: Privacy Violation
                 Key: KARAF-4205
                 URL: https://issues.apache.org/jira/browse/KARAF-4205
             Project: Karaf
          Issue Type: Bug
    Affects Versions: 4.0.3
            Reporter: Eduardo Aguinaga


HP Fortify SCA and SciTools Understand were used to perform an application security analysis
of the Karaf source code.

The method find() in GogoParser.java mishandles confidential information, which can compromise
user privacy and is often illegal.

File: shell/core/src/main/java/org/apache/karaf/shell/support/parsing/GogoParser.java
Line: 332

GogoParser.java, lines 329-333:
329 while (level != 0) {
330     if (eof()) {
331         throw new RuntimeException("Eof found in the middle of a compound for '"
332             + target + deeper + "', begins at " + context(start));
333     }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
